12 matches found
CVE-2026-32881
Summary: CVE-2026-32881 affects the Gleam web server “ewe.” Versions 0.6.0–3.0.4 are vulnerable to an authentication bypass and header spoofing due to how trailer headers are merged into req.headers after body parsing. The denylist in the trailer handling only blocks nine header names, allowing a...
OPENSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli
This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03057-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section bsc1246517...
CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643
CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...
Debian dla-3897 : trafficserver - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3897 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3897-1 [email protected]...
CVE-2024-35161
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...
CVE-2024-35161
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...
CVE-2024-35161
CVE-2024-35161 affects Apache Traffic Server. Versions 8.0.0–8.1.10 and 9.0.0–9.2.4 forward malformed HTTP chunked trailer sections to origin servers, enabling potential request smuggling and, if the origin is vulnerable, cache poisoning. Debian and Tenable advisories confirm multiple vendors iss...
CVE-2024-35161 Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...
CVE-2024-35161
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...